<?php
// Hard-coded login directory: username => ['pass' => clear-text password, 'name' => display name].
// The browser submits md5(password) (see the form script further down) and the server
// compares it with md5() of the value stored here, so both the stored value and the
// submitted digest are password-equivalent secrets.
$ALLOWUSER = [
	'xiaohei'    => ['pass' => 'guoyu',  'name' => ''],
	'liangliang' => ['pass' => '123qwe', 'name' => ''],
	'dongdong'   => ['pass' => '123qwe', 'name' => ''],
];
// Key prefix that namespaces this application's entries inside $_SESSION.
$session_prefix = 'tz_3579_';
// Started before any output so the session cookie header can still be sent.
session_start();

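try {
// Guard for every page that includes this file: anything other than the login
// page itself only needs the session check. A valid session jumps straight to
// the catch block at the bottom of the file (skipping the form markup) via the
// 'check ok' exception; an invalid one is redirected to the login form.
if ($_SERVER['SCRIPT_NAME'] !== '/view/checkuser.php'){
	if (!check_session()){
		header('Location: /view/checkuser.php');
		exit();
	}else {
		throw new Exception('check ok');
	}
}

// ---------------- login / logout handling ----------------
$err_msg = '';
// Only scalar strings are accepted from the request: an array value (opt[]=...)
// would make substr()/trim() raise a TypeError on PHP 8, which the
// catch (Exception) below does not cover.
$opt = (isset($_GET['opt']) && is_string($_GET['opt'])) ? $_GET['opt'] : '';
$opt = substr($opt, 0, 3); // only the first three characters are ever compared
if ($opt === 'set'){
	// login
	if (isset($_POST['user'], $_POST['pass'], $_POST['vcode'])
		&& is_string($_POST['user']) && is_string($_POST['pass']) && is_string($_POST['vcode'])){
		$user = substr(trim($_POST['user']), 0, 10); // at most 10 characters
		$pass = substr(trim($_POST['pass']), 0, 32); // md5 hex digest computed in the browser (md5.js)
		$vcode = substr(trim($_POST['vcode']), 0, 5); // at most 5 characters
		// The captcha value is consumed on every attempt, so one solved code cannot
		// be reused for repeated password guesses; a missing value never matches.
		// Assumes /vcode.php stores a fresh code in $_SESSION['vcode_tmp'] each time
		// the image is loaded — confirm against vcode.php.
		$vcode_ok = false;
		if (isset($_SESSION['vcode_tmp'])){
			$vcode_ok = hash_equals((string)$_SESSION['vcode_tmp'], $vcode);
			unset($_SESSION['vcode_tmp']);
		}
		// hash_equals(): strict and constant-time, so the loose '==' type juggling
		// between numeric-looking hex digests ('0e...') does not apply.
		$pass_ok = isset($ALLOWUSER[$user]) && hash_equals(md5($ALLOWUSER[$user]['pass']), $pass);
		if ($vcode_ok && $pass_ok){
			// New session id on privilege change so a pre-set id is not carried over.
			session_regenerate_id(true);
			$_SESSION[$session_prefix . 'user'] = $user;
			$_SESSION[$session_prefix . 'checklogin'] = generate_checkinfo($user);
			header('Location: /');
			exit();
		}else {
			$err_msg = '信息验证失败，请重试！';
		}
	}else {
		$err_msg = '有未填写信息，请重试！';
	}
}elseif ($opt === 'out') {
	// logout: drop the in-memory data as well as the stored session
	$_SESSION = array();
	session_destroy();
	exit('成功退出，<a href="/view/checkuser.php">登录</a>');
}else {
	if (check_session()){
		header('Location: /');
		exit();
	}
}



?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link type="text/css" href="/include/css/style.css" rel="stylesheet" />
<link type="text/css" href="/include/css/patch_function.css" rel="stylesheet" />
<title>登录</title>
<script language="javascript" src="/include/js/jquery-1.11.1.min.js"></script>
<script type="text/javascript" src="/include/js/md5.js"></script>
</head>
<script>
$(function() {
  var username = '', password = '', vcode = '';

  // 提交
  $("input").bind("keypress", function(evt) {
    if (evt.keyCode == 13) {
      $("#form_submit").click();
    }
  });
  $("#form_submit").click(function() {
    username = $("#user").val();
    password = $("#pass_tmp").val();
    vcode = $("#vcode").val();
    if(username == '') {
      hint_err('用户名为空');
      return;
    }
    if(password == '') {
      hint_err('密码为空');
      return;
    }
    if(vcode == '') {
      hint_err('验证码为空');
      return;
    }
    
    $("#pass_tmp").val("");
    $("#pass").val(md5(password));
    $("#login_form").submit();
  });
  
  // 刷新验证码
  $("#imgclick").click(function() {
    var src = '/vcode.php?' + Math.random();
    $(this).find('img').attr('src',src);
    return;
  });

  function hint_err(msg){
    $("#hint_err").show();
    $("#hint_err_msg").text(msg);
  }
});
</script>
<body class="Admin_UIbody">
  <div class="Admin_xline1"></div>
  <div class="Admin_login">
    <div class="Admin_panel_wrap">
      <form method="post" id="login_form" action="checkuser.php?opt=set" name="lform">
        <div class="Admin_panel">
          <p class="form_line clearfix"><label for="username">用户名</label><input type="text" id="user" name="user" value="" class="Admin_iptxt" />
          <span class="form_txt"></span></p>

          <p class="form_line clearfix"><label for="password">密码</label><input type="password" id="pass_tmp" name="pass_tmp" class="Admin_iptxt" autocomplete="off"/></p>
          <span class="form_txt"></span></p>
          <input type="hidden" name="pass" id="pass" value="" />

          <p class="form_line clearfix"><label for="vcode">验证码</label><input type="text" id="vcode" name="vcode" autocomplete="off" class="Admin_iptxt"/><a href="javascript:void(0)" id="imgclick" style="cursor:hand" title="点击更换"><img id="nowimg" width="90" height="30" style="margin:6px 0 0 6px" src="/vcode.php" /></a></p>
          <span class="form_txt"></span></p>

          <p class="form_tip clearfix" id="hint_err" <?php if (empty($err_msg)){echo 'style="display:none;"';}?>><span class="icon_del"></span><span id="hint_err_msg"><?php echo $err_msg?></span></p>

          <p class="form_button clearfix"><a href="javascript:void(0)" id="form_submit" class="login_btn"></a></p>

          <p class="form_tip clearfix" style="display:none; line-height:30px;">warning</p>
        </div>
      </form>
      <p class="copyright">Copyright &copy; 2014 guoyu1268@qq.com</p>
    </div>
  </div>
  <div class="Admin_UIplus"></div>
</body>
</html>

<?php
// The 'check ok' exception thrown at the top of the file lands here, so an
// including page with a valid session skips the markup above and carries on.
}catch (Exception $e){}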

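// Check the session's login state.
// Returns true when $_SESSION holds both the user name and a login token that
// equals generate_checkinfo() for that user; false otherwise. The token is
// derived from the user name alone (no secret), so this is an internal
// consistency check on the session, not an independent credential.
function check_session(){
	global $session_prefix;
	$user_key = $session_prefix . 'user';
	$token_key = $session_prefix . 'checklogin';
	if (!isset($_SESSION[$user_key], $_SESSION[$token_key])){
		return false;
	}
	$user = $_SESSION[$user_key];
	$token = $_SESSION[$token_key];
	// Non-string values can only come from a malformed session; treat them as
	// "not logged in" instead of letting hash_equals() raise a TypeError.
	if (!is_string($user) || !is_string($token)){
		return false;
	}
	// Strict, constant-time comparison instead of '==', which would treat two
	// numeric-looking hex strings (e.g. '0e...') as equal.
	return hash_equals(generate_checkinfo($user), $token);
}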

// Derive the session login token for $user: the first 10 hex characters of
// md5('check_info_' . $user). Deterministic and unkeyed, so anyone who knows
// the user name can recompute it; within this file it is only compared against
// a value this same code wrote into $_SESSION.
function generate_checkinfo($user = 'default'){
	$digest = md5('check_info_' . $user);
	return substr($digest, 0, 10);
}
?>